Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Vulnerability steals data from Intel and AMD CPUs — and you’re probably affected

Researchers just outlined a new vulnerability that affects processor chips — and it’s called Hertzbleed. If used to conduct a cybersecurity attack, this vulnerability can help the attacker steal secret cryptographic keys.

The scale of the vulnerability is somewhat staggering: According to the researchers, most Intel and AMD CPUs might be impacted. Should we be worried about Hertzbleed?

Hertzbleed vulnerability logo on a blue and white background.
Hertzbleed

The new vulnerability was first discovered and described by a team of researchers from Intel as part of its internal investigations. Later on, independent researchers from UIUC, UW, and UT Austin also contacted Intel with similar findings. According to their findings, Hertzbleed might affect most CPUs. The two processor giants, Intel and AMD, have both acknowledged the vulnerability, with Intel confirming that it affects all of its CPUs.

Recommended Videos

Intel has issued a security advisory that provides guidance to cryptographic developers on how to strengthen their software and libraries against Hertzbleed. So far, AMD hasn’t released anything similar.

Get your weekly teardown of the tech behind PC gaming
Check your inbox!

What exactly is Hertzbleed and what does it do?

Hertzbleed is a chip vulnerability that allows for side-channel attacks. These attacks can then be used to steal data from your computer. This is done through the tracking of the processor’s power and boost mechanisms and observing the power signature of a cryptographic workload, such as cryptographic keys. The term “cryptographic keys” refers to a piece of information, securely stored in a file, which can only be encoded and decoded through a cryptographic algorithm.

In short, Hertzbleed is capable of stealing secure data that normally remains encrypted. Through observing the power information generated by your CPU, the attacker can convert that information to timing data, which opens the door for them to steal crypto keys. What’s perhaps more worrying is that Hertzbleed doesn’t require physical access — it can be exploited remotely.

It’s quite likely that modern processors from other vendors are also exposed to this vulnerability, because as outlined by the researchers, Hertzbleed tracks the power algorithms behind the Dynamic Voltage Frequency Scaling (DVFS) technique. DVFS is used in most modern processors, and thus, other manufacturers such as ARM are likely affected. Although the research team notified them of Hertzbleed, they are yet to confirm whether their chips are exposed.

Putting all of the above together certainly paints a worrying picture, because Hertzbleed affects such a large number of users and so far, there is no quick fix to be safe from it. However, Intel is here to put your mind at ease on this account — it’s highly unlikely that you will be the victim of Hertzbleed, even though you are likely exposed to it.

According to Intel, it takes anywhere between several hours to several days to steal a cryptographic key. If someone would still want to try, they might not even be able to, because it requires advanced high-resolution power monitoring capabilities that are difficult to replicate outside of a lab environment. Most hackers wouldn’t bother with Hertzbleed when plenty of other vulnerabilities are discovered so frequently.

How to make sure Hertzbleed won’t affect you?

Hertzbleed vulnerability mitigation methods depicted in a chart.
Intel

As mentioned above, you are probably secure even without doing anything in particular. If Hertzbleed gets exploited, it’s unlikely that regular users will be affected. However, if you want to play it extra safe, there are a couple of steps you can take — but they come at a severe performance price.

Intel has detailed a number of mitigation methods to be used against Hertzbleed. The company doesn’t seem to be planning to deploy any firmware updates, and the same can be said about AMD. As per Intel’s guidelines, two ways exist to be fully protected from Hertzbleed, and one of them is super easy to do — you just have to disable Turbo Boost on Intel processors and Precision Boost on AMD CPUs. In both cases, this will require a trip to the BIOS and disabling boost mode. Unfortunately, this is really bad for your processor’s performance.

The other methods listed by Intel will either only result in partial protection or are very difficult, if not impossible, for regular users to apply. If you don’t want to tweak the BIOS for this and sacrifice your CPU’s performance, you most likely don’t have to. However, keep your eyes open and stay sharp — cybersecurity attacks take place all the time, so it’s always good to be extra careful. If you’re tech-savvy, check out the full paper on Hertzbleed, first spotted by Tom’s Hardware.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
AMD might finally beat Intel for the fastest mobile gaming CPU
AMD Ryzen 6000 laptop chip.

AMD's Ryzen 9 7945HX, the mobile flagship for this generation, was just spotted in some early benchmarks. The test results show that AMD might be really competitive in gaming laptops this year.

The CPU outpaced its last-gen equivalents by miles, and it kept up with Intel's best processors despite having far fewer cores.

Read more
The 6 best Intel CPUs of all time
A Core i9-12900KS processor sits on its box.

Of all the players in the world of computing, Intel is one of the oldest as well as one of the most titanic. It can be hard getting excited about Intel, whether the company is dominating as it did in the 2010s or floundering as it is in the 2020s; it's pretty difficult for people to fall in love with the status quo or a large company that loses to smaller ones. The opposite is true for Intel's rival AMD, which has always been the underdog, and everyone (usually) loves the underdog.

But Intel couldn't become the monolithic giant it is today without being a hot and innovative upstart once upon a time. Every now and then, Intel has managed to shake things up on the CPU scene for the better. Here are six of Intel's best CPUs of all time.
Intel 8086
Intel becomes a leader

Read more
The first AMD Ryzen 7000 CPUs are here, but they’re not what you’re expecting
AMD Ryzen 7020 processor on a black background.

AMD is introducing a new range of mobile processors -- the Ryzen 7020 series. Although they're technically the first Ryzen 7000 CPUs, they don't share much in common with the upcoming desktop range that AMD is releasing on September 27.

Instead, they use the Zen 2 architecture -- the same design AMD used with its Ryzen 3000 desktop processors. That's because they're built for portability and battery life, topping out at only 15 watts for the most powerful chip in the lineup. There are three new processors, allow of which come with Radeon 610M graphics built in:

Read more